Are Penetration Tests Worth the Risk?
I have had several conversations with executives recently about the role of penetration testing and whether or not penetration testing is worth the risk. There seem to be two schools of thought on...
Differentiating Penetration Tests, Vulnerability Scans, and Risk Assessments
Penetration testing has become another hot, and often misused, term in the marketplace, joining the ranks of other buzzwords such as “Cybersecurity”, “Hacker” and “The Cloud”. Oftentimes,...
I am an OPM Data Breach Victim - Next Steps
Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach. To add insult to injury,...
2016 Cyber Risk Reports Reveal the Need for Effective Risk Assessments to...
As companies continue to shift data and resources to electronic formats, a trend growing faster year over year, information and cyber risks shift to the top of management’s priority list. This means...
Tracking Data Breaches & Staying Informed
The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud...
Developing & Implementing a Data Classification Policy
Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations fail to implement one. Without proper asset classification, the...
How to Check for Dangerous Certificates and Unsigned Windows OS Files
Sigcheck is a lightweight Windows command-line utility that does an amazing job of scanning the digital certificate stores on your system for anything irregular and not part of the official Microsoft...
Securing Corporate Wireless Access Points (WAPs)
The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) tends to vary from auditor to auditor. In some cases, the IT auditor may make great suggestions...
The Future of IoT Security
Required Reading: 1) IoT Growing Faster Than the Ability to Defend it 2) DDoS on DYN Impacts Twitter, Spotify, Reddit Until recently the security concerns associated with IoT devices have been mostly...
Petya Ransomware & Mitigation Steps
The Petya ransomware outbreak is the second such global attack in the last couple of months. The malware is spreading using the same Microsoft Windows vulnerability that was exploited by the recent...